By Theodore J. Kury
Hackers taking downward the States of America electricity grid may audio similar a plot ripped from a Bruce Willis activity movie, but the Department of Homeland Security too the FBI of late disclosed that Russia has infiltrated “critical infrastructure” similar American power plants, H2O facilities too gas pipelines. This hacking is similar to the 2015 too 2016 attacks on Ukraine’s grid. While it hasn’t risen beyond scouting mode, the specter of sabotage inwards the States of America forthwith seems to a greater extent than realistic than it used to. Clearly, there’s no fourth dimension to waste materials inwards shoring upwardly the grid’s security. Yet getting that done is non easy, every bit I’ve learned through my research regarding efforts inwards to stave off outages inwards hurricane-prone Florida.
A catch-22
There is no agency to completely protect the grid. Even if that were possible, utilities tend to adopt novel too improve safety procedures later on mishaps, boosting the jeopardy that some attacks volition succeed.
Regulation at the state too federal levels makes it difficult for utilities too regulators to travel together to acquire this labor done.
Utilities tin give the axe accuse their customers alone what it takes for them to cover reasonable expenses. Regulators must approve their rates through a physical care for that needs to survive open to world scrutiny.
Say, for example, a powerfulness society is edifice a substation. The utility would expose what it spent on construction, seek out that it picked its contractors responsibly too explicate how this novel capacity is enhancing its service. The regulator too so must create upwardly one's heed what charge per unit of measurement hikes, if any, would survive reasonable – later on hearing out everyone amongst something at stake.
Following this routine is harder amongst cyberdefense spending. Security concerns acquire far tough if non impossible for utilities to say what they’re doing amongst that money. Regulators, therefore, receive got a difficult fourth dimension figuring out whether utilities are spending likewise much or likewise picayune or possibly fifty-fifty wasting coin on an unnecessary expense.
If regulators blindly approve these charge per unit of measurement hikes, it tin give the axe survive an abdication of their duties. If they decline them, utilities acquire penalized for shoring upwardly their safety too and so lose an incentive to continue doing the correct thing.
To err is human
Even though the idiosyncrasies of utility regulation brand cyberdefense a to a greater extent than complicated number than it mightiness otherwise be, tools to care this risk are available.
Mitigating the harm that human fault tin give the axe crusade inwards reply to malicious attacks, for example, may non demand whatever spending beyond what it costs to learn workers at utilities too their contractors to refrain from blindly opening perilous e-mail attachments, the avenue into the electricity organization used yesteryear hackers inwards the 2015 Ukraine attacks too inwards the organization breaches the regime of late disclosed.
Indeed, hackers delivered almost 94 per centum of all malware inwards 2016 through e-mail systems. Clearly, to a greater extent than widespread awareness of the demand to continue an middle out for phishing attacks volition aid secure infrastructure.
Regulators receive got been studying strategies that mightiness elevate cybersecurity. Standards are already inwards house inwards the U.S., Canada too business office of Mexico for utilities to assess their capability to preclude or abide by cyberattacks.
Preventative measures tin give the axe include states adopting new regulations that protect utilities’ confidential information too doing to a greater extent than to prepare utility workers to topographic point too seem upwardly cybersecurity threats.
It’s also of import that regulators recognize that securing systems is an ongoing process. It tin give the axe never actually destination because every bit organization safety measures change, hackers devise novel ways to circumvent them.
Grid resilience
Grid resilience strategies tin give the axe aid to keep service regardless of the source of the outage. For example, many utilities receive got invested inwards “self-healing” systems that isolate glitches inwards the grid too chop-chop restore service amidst outages.
Here’s an instance of how that works. During Hurricane Matthew inwards Florida, inwards 2016, Florida Power too Light identified a threatened substation too isolated it from the remainder of the grid. This mensurate protected its customers yesteryear ensuring that outages at that substation would non spread.
Utilities tin give the axe also create microgrids, or portions of the grid that tin give the axe survive isolated from the remainder of the organization inwards the result of an attack. Most of these systems receive got been designed to improve resilience inwards the result of natural disasters too tempest events. But they tin give the axe aid defend the grid against cyberattacks every bit well.
Public concerns over grid safety are to a greater extent than justified than ever. But I believe that minimizing the risk of a catastrophic infrastructure assail is inside reach. All it volition receive got is for utilities to educate their workers on organization safety piece the regime updates its rules too practices – too for everyone involved to continue doing what they tin give the axe to avert outages of all kinds too to restore powerfulness every bit chop-chop every bit possible when outages occur despite those efforts. Theodore J. Kury, Director of Energy Studies, University of Florida
This article was originally published on The Conversation. Read the original article.
Buat lebih berguna, kongsi:
